How to bind SNMPD on SecurePlatform OS to specific interface

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk93644
Technical Level
Product	Quantum Security Gateways, ClusterXL, Quantum Security Management, Multi-Domain Security Management
Version	R75 (EOL), R76 (EOL), R77 (EOL)
OS	SecurePlatform 2.6
Platform / Model	All
Date Created	18-Jul-2013
Last Modified	20-Nov-2015

Symptoms

It is not possible to send SNMP Response / SNMP Trap from specific IP address.
SNMP Query to a remote machine over VPN tunnel fails because SNMP Response is dropped.
SmartView Tracker shows the following logs:
- SNMP Request - is decrypted
  
  Origin: GATEWAY_NAME
  Type: Log
  Action: Decrypt
  Service: snmp (161)
  Source Port: SOURCE_PORT
  Source: SOURCE_MACHINE_ADDRESS
  Destination: DESTINATION_MACHINE_ADDRESS
  Protocol: udp
  Community: COMMUNITY_NAME
  Information: inzone: External
  outzone: Local
  service_id: snmp
  VPN Peer Gateway: VPN_PEER_GW_OBJECT
  Subproduct: VPN
  VPN Feature: VPN
  Product: Security Gateway/Management
- SNMP Response - is dropped
  
  Origin: GATEWAY_NAME
  Type: Log
  Action: Drop
  Service: SOURCE_PORT
  Source Port: snmp-read (161)
  Source: GATEWAY_NAME
  Destination: SOURCE_MACHINE_ADDRESS
  Protocol: udp
  Product: Security Gateway/Management

Cause

By default, the SNMPD daemon and the 'cp_monitor' are bound to localhost address. As a result, SNMP Response / SNMP Trap might be sent from an IP address that is not a part of an encryption domain.

Solution

Note: To view this solution you need to Sign In .